9. Architecture of ATA iBT Browser with Plug-in Browser with Flash Standard Browser Different test client for different projects Exam Data via Internet 128-bit Proprietary Encryption Test Client Test Client Test Client Common Unified Server Management Console
10.
11.
12. ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam System 1 3 3
13.
14. Security built throughout the process 128-bit symmetric encryption deployed throughout operation processes from pre-test, test delivery and post-test stages Online Off-line Online Secured ETX Test Delivery System Pre Test Testing Post Test
15.
16.
17.
18.
19.
20.
21. Security During Data Transfer Technologies to ensure secured delivery of test Test form Scrambled data packs Test info ******* encrypted Candidate data Data compile ****** encrypted Candidates input password Proctor Pwd Test form Time-related hardware key 1 2 3 4 Terminal Admin. Station Time Encryption Pre Test Testing Post Test
22. Secured Data Transmission Flowchart Shredder Test Taker Password Test Admin. Station Test Station Exam Starts Form/ Items 数 据 信 息 报 名 信 息 时 间 信 息 Pre Test Testing Post Test Authorization
23. Security During Test Photo- demographics On site photo-identity verification Onsite Photo taking Candidates arriving 登录 Pre Test Testing Post Test
24.
25.
26.
27. ETX System in Action 2 ETX Exam Security Features 3 ETX Collaborative Exam System 1 3 3
ETX is the core test administration, delivery and management platform that works to support various services throughout the test delivery process. It is an internet-based platform shared by all parties in the testing process including sponsors, candidates, test service providers and related training organizations. Different parties may access their corresponding modules in ETX in a secure way to process and manage information.
Our systems deploys 128-bit symmetric encryption process, meaning that the decryption key from the ‘decryptor’ has to be identical to the encryption key on the ‘encryptor’ hand before the exam data can be reverted back to meaningful information. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms, meaning that they won’t be easily obtained by hackers. During most security breach attempts, certain information about the data would have to be obtained before an attack is possible and to increase the success rate of attack. Such information collection would have to be obtained gradually from static keys/passwords being used repeatedly for a period of time. The 128bit security keys generated and used by ATA on the ETX system are all one-time keys that are being attached to test items and test forms. While the 128bit key are all generated via the UUID technology that guaranteed to be unique and thus raising the bar of the system security.
To ensure that the tests are being administered in a fair, objective and legally defensible manner, ETX is capable of randomly picking items from the item bank in constructing individual test forms for each candidate to avoid cheating during the test. Thus exam items will not be the same for each candidate. Even if the candidates sitting next to each other have the same item, the choices for item would be arranged differently. Standardized test item types are all stored in centralized application servers and will only be downloaded dynamically before actual test time.
National Registered Proprietary Storage Technology ATA has developed and registered under the Chinese Government a proprietary storage core system TTDS ( TRANSFORMATION and TRANSPOSITION of DATA STORAGE ) . The essence of the technology is to integrate hardware elements and variance in determining the format and offset distortion of the storage information. Such algorithm was handled by computer drivers at a very low level to ensure that it cannot be revealed. Information processed via our TTDS technology would possess an immune system to protect from external attack. Since our system does not run through the computer’s main data bus; any intruder would have to trail upon security key of as long as 2Kbytes in order to match the key which may lead to impractical amount of effort and time to achieve.
This is a methodology used in item bank management to ensure that only authenticated users can have access to any part of the item bank. Finger-print sampling refers to legally extracting partial data string from the encrypted item pack and to store them as a separate encrypted file in the test sponsor. The main exam pack would be unable to be opened unless the finger-print sampling algorithm is also obtained before all missing data can be re-located back in place.